Demo 3 — Multi-Component + Environment

Three components.
Two can be stolen. — one cannot.

Real implementation, not simulation. Demo 3 actually applies the technology with three fragments. Two stored in your browser, one derived from your display size. Try to steal the browser fragments. The data remains locked because the third fragment cannot be stolen - it's never written anywhere, only computed on demand.

How It Works
Alice Chen’s Protected Record

Alice Chen (ID 1001) has a protected record. Three things combine to unlock it: a server fragment, a browser fragment, and a display-size fragment.

Click Re-lock to lock your current window size. The record becomes readable. Then resize your browser window and click it again — the record disappears.

In hacker mode, you can steal the browser fragments. But the display-size fragment can never be stolen because it was never stored anywhere.

Try it yourself
1Click Re-lock to Current Size to lock the record using your current window dimensions.
2Observe the record is now readable — SSN, card number, and balance appear.
3Resize your browser window (drag the edge or corner to a different size).
4Click Re-lock to Current Size again — the record disappears because the locked size no longer matches.
5 Restore the original window size, click Re-lock, and the data reappears.
The display-size fragment exists only as a live computation — SHA-256(width × height) — and is never written to any storage. No chip to extract it from.

Alice Chen (1001)

LOCKED
SSN——————
Card————————
Balance--------
Lock the display size to unlock the record.
Display size: —— | Locked at: ——
🦁
Fragment 1
localStorage — survives restarts
🥶
Fragment 2
sessionStorage — cleared on tab close
🌐
Fragment 3
SHA-256(window size) — never stored
derived from display
🕵

Attacker’s Inventory

S  ✓ C1  ✗ C2  ✗ C3  ⊕
Has S. Missing C1, C2, C3.
The server fragment S is always readable. C1 and C2 are in browser storage. C3 is never written anywhere.
Server Fragment (S)
Always readable by attacker with server access
calculating...
An attacker with server access can read S from the database. It is not secret — it is one component among three, and alone it reveals nothing.
🔒 Why C3 Cannot Be Stolen

C1 lives in localStorage — survives browser restarts. C2 lives in sessionStorage — gone when the tab closes. Both are auto-generated the first time you visit this browser.

C3 is SHA-256(width × height), computed live and discarded immediately. It is never written anywhere. There is no chip to extract it from.

▸ Hacker hint (spoilers)

To find C3 you need to look somewhere other than the screen. You already have the right tool open.
About this demo: This implementation uses standard browser mechanisms to demonstrate component distribution. The patent describes multiple implementation approaches including hardware-derived components and environmental derivation without requiring specialized hardware.